DHS will deploy sensors to agencies, generating the needed 60 billion to 80 billion vulnerability-and-configuration-setting checks every one-to-three days across the .gov network, according to a fact sheet issued by the department.

The need for such monitoring is critical as cyberattacks against the government mount. The federal government in 2011 responded to more than 106,000 attacks, including cyber exploits that injected viruses, stole information and disrupted federal network operations. "In contrast," the fact sheet says, "decade-old security regulations require manually testing major systems just once every three years. This creates findings that are often out of date before they go to print."

In its role overseeing and assisting agencies in their IT security efforts, DHS says it will supply a set of cyber-defense capabilities to protect the .gov from escalating and rapidly evolving threats. DHS will provide diagnoses, prioritizing and displaying the most serious problems first. The department says it will use internationally recognized best practices for optimal results.

DHS contends that defending federal networks has proven to be feasible and cost-effective by automating cybersecurity testing and creating diagnostic reports to accelerate corrective action. More than 80 percent of the time, exploits target previously known vulnerabilities on networks, computers and commercial software, DHS says. Since 2003, federal case studies indicate that repairs can often be completed before damaging acts are attempted when diagnostic reports highlight the worst problems to fix first.

Here are the capabilities DHS says it will provide agencies:

Critical Warnings: DHS will warn agencies about vulnerabilities and weaknesses that could shut down network operations if critical patches and repairs are not completed.

Dashboards: DHS will deploy a cyber-diagnostic dashboard at each agency to provide customized reports, alerting government program and technical managers of the worst known cyber risks requiring priority attention. Progress will be recalculated each day so results can be compared within the agencies. A central dashboard will be located at DHS to reflect federal enterprise security status.

CyberScope: DHS will summarize progress in correcting known problems across .gov networks and feed status information to a federal security system called CyberScope [see Automated FISMA Reporting Tool Unveiled]. A federal trend-monitoring capability will watch for instances where agency action on critical patches needs to be accelerated as a protective measure.

The department says it will use commercial, off-the-shelf tools whenever possible to collect information on security vulnerabilities. These sensors scan personal computers and servers and diagnose weaknesses, which are then collected and prioritized for action by a dashboard tool available to each agency on the .gov network.

Agencies can use the DHS-provided cyber-diagnostic tools directly or ask contractors to operate them on their behalf. Planning is underway to make the same diagnostic tools used on .gov networks available as an optional implementation strategy in federal cloud computing. "These combined strategies will unify and modernize the methods of conducting continuous monitoring across all networks and COTS software of .gov organizations no matter how they are implemented," the fact sheet says.

DHS says these methods have been proven at the State Department, which eliminated 89 percent of measured risk on personal computers and servers in 12 months, and one-third of the remaining risk in 24 months. A fully featured dashboard at the State Department helped implement critical patches to the 84 percent level of coverage in seven days and the 93 percent level of coverage in 30 days.
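An added example, not code from the article or from DHS, of the dashboard logic the article describes: constructed sensor findings are scored and ordered worst-first, recalculated for a given day, and critical-patch coverage is measured at 7 and 30 days, the same two figures cited for the State Department. Host names, check ids, dates and the severity scale are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Finding:
    host: str
    check: str             # check id from a sensor; constructed placeholder, not a real CVE
    severity: float        # 0-10 severity on a CVSS-like scale (assumed)
    critical: bool         # True if this is a critical patch the dashboard must track
    found: date            # day the sensor first reported it
    fixed: Optional[date]  # day it was verified fixed, None while still open

# Constructed sample findings for one small agency enclave.
AS_OF = date(2012, 2, 1)
FINDINGS = [
    Finding("ws-01", "PATCH-A", 9.8, True, date(2012, 1, 1), date(2012, 1, 5)),
    Finding("ws-02", "PATCH-A", 9.8, True, date(2012, 1, 1), date(2012, 1, 20)),
    Finding("ws-03", "PATCH-A", 9.8, True, date(2012, 1, 1), None),
    Finding("srv-01", "CFG-001", 5.0, False, date(2012, 1, 10), None),
    Finding("srv-01", "PATCH-B", 7.5, True, date(2012, 1, 15), date(2012, 1, 18)),
    Finding("ws-02", "CFG-002", 3.1, False, date(2012, 1, 20), None),
]

def host_risk(findings, as_of):
    """Per-host risk for the daily recalculation: severity of each open
    finding, weighted up as it ages so neglected items climb the list."""
    risk = {}
    for f in findings:
        if f.fixed is not None and f.fixed <= as_of:
            continue  # already repaired by this date, contributes nothing
        age_days = (as_of - f.found).days
        risk[f.host] = risk.get(f.host, 0.0) + f.severity * (1 + age_days / 30)
    return risk

def worst_first(findings, as_of):
    """Dashboard ordering: hosts with the worst known risk at the top."""
    return sorted(host_risk(findings, as_of).items(), key=lambda kv: -kv[1])

def critical_patch_coverage(findings, days):
    """Share of critical findings fixed within `days` of being reported,
    i.e. the 7-day / 30-day coverage figure the article cites."""
    crit = [f for f in findings if f.critical]
    on_time = [f for f in crit if f.fixed and (f.fixed - f.found).days <= days]
    return len(on_time) / len(crit) if crit else 1.0

if __name__ == "__main__":
    for host, score in worst_first(FINDINGS, AS_OF):
        print(f"{host:8s} risk={score:6.2f}")
    for d in (7, 30):
        print(f"critical patch coverage at {d:2d} days: {critical_patch_coverage(FINDINGS, d):.0%}")
```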

The State Department program was initiated by then Chief Information Security Officer John Streufert [see Building DHS's All-Star Cybersecurity Team], who now serves as director of DHS's National Cybersecurity Division, which is overseeing this project.
